package com.patterns.design.security.web.struts.common;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;

public abstract class BaseAction extends Action {
	
	public abstract ActionForward executeAction(
			ActionMapping mapping, 
			ActionForm form,
			HttpServletRequest request, 
			HttpServletResponse response) throws Exception;
	
	public abstract void encodeData(Encoder encoder) throws Exception;
	
	public ActionForward execute(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response)
			throws Exception {
		//Initialize the security behavior
		BaseForm baseForm=(BaseForm)form;
		baseForm.setSanitizeNoJavascript(false);
		baseForm.setValidateForHtml(false);
		baseForm.setValidateBaseOnSufixInFilter(false);
		baseForm.setValidateBaseOnSufixInForm(false);
		baseForm.setEncodeForHtmlInFilter(false);
		baseForm.setEncodeForHtmlInAction(false);
		
		//Execute Business Action
		ActionForward actionForward= executeAction(mapping, form, request, response);
		//Encoding form result
		if(baseForm.encodeForHtmlInAction){
			encodeData(ESAPI.encoder());
		}
		return actionForward;
	}
	
}